H3C Technologies H3C S7500E Series Switches User Manual

3-20

Figure 3-20 Add an access user account

2) Configure the switch

z

Configure a RADIUS scheme

# Create a RADIUS scheme named rad and enter its view.

system-view

[Switch] radius scheme rad

# Set the server type for the RADIUS scheme. When using the iMC server, set the server type to

extended.

[Switch-radius-rad] server-type extended

# Specify the primary authentication server and primary accounting server, and configure the keys for

communication with the servers.

[Switch-radius-rad] primary authentication 10.1.1.1

[Switch-radius-rad] primary accounting 10.1.1.1

[Switch-radius-rad] key authentication expert

[Switch-radius-rad] key accounting expert

# Specify the scheme to include the domain names in usernames to be sent to the RADIUS server.

[Switch-radius-rad] user-name-format with-domain

[Switch-radius-rad] quit

z

Configure an authentication domain

# Create an ISP domain named bbb and enter its view.

[Switch] domain bbb

# Configure the ISP domain to use RADIUS scheme rad.

[Switch-isp-bbb] authentication lan-access radius-scheme rad

[Switch-isp-bbb] authorization lan-access radius-scheme rad

[Switch-isp-bbb] accounting lan-access radius-scheme rad

[Switch-isp-bbb] quit

# Configure bbb as the default ISP domain for all users. Then, if a user enters a username without any

ISP domain at login, the authentication and accounting methods of the default domain will be used for

the user.

[Switch] domain default enable bbb

z

Configure 802.1X authentication

# Enable 802.1X globally.